2021-05-21 09:04:55 |
James Page |
bug |
|
|
added bug |
2021-05-21 09:05:03 |
James Page |
nominated for series |
|
Ubuntu Groovy |
|
2021-05-21 09:05:03 |
James Page |
bug task added |
|
ceph (Ubuntu Groovy) |
|
2021-05-21 09:05:03 |
James Page |
nominated for series |
|
Ubuntu Focal |
|
2021-05-21 09:05:03 |
James Page |
bug task added |
|
ceph (Ubuntu Focal) |
|
2021-05-21 09:05:10 |
James Page |
ceph (Ubuntu Focal): status |
New |
Triaged |
|
2021-05-21 09:05:12 |
James Page |
ceph (Ubuntu Groovy): status |
New |
Triaged |
|
2021-05-21 09:05:15 |
James Page |
ceph (Ubuntu): status |
New |
Invalid |
|
2021-05-21 09:05:22 |
James Page |
ceph (Ubuntu Groovy): importance |
Undecided |
High |
|
2021-05-21 09:05:25 |
James Page |
ceph (Ubuntu Focal): importance |
Undecided |
High |
|
2021-05-21 09:05:56 |
James Page |
cve linked |
|
2021-3509 |
|
2021-05-21 09:06:13 |
James Page |
cve linked |
|
2021-3531 |
|
2021-05-21 09:06:24 |
James Page |
cve linked |
|
2021-3524 |
|
2021-05-21 09:06:57 |
James Page |
description |
TBC |
Upstream release announcement:
V15.2.12 OCTOPUS
This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release.
CHANGELOG
mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar)
mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard XSS via token cookie, Ernesto Puerta)
rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531: Swift API denial of service, Felix Huettner)
rgw: sanitize r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524: HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley) |
|
2021-05-21 09:07:20 |
James Page |
description |
Upstream release announcement:
V15.2.12 OCTOPUS
This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release.
CHANGELOG
mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar)
mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard XSS via token cookie, Ernesto Puerta)
rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531: Swift API denial of service, Felix Huettner)
rgw: sanitize r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524: HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley) |
[Impact]
This release fixes several bugs. We would like to make sure all of our users have access to these improvements.
The update contains the following package updates:
* ceph 15.2.11
[Test Case]
The following SRU process was followed:
https://wiki.ubuntu.com/OpenStackUpdates
In order to avoid regression of existing users, the OpenStack team will run their continuous integration test against the packages that are in -proposed. A successful run of all available tests will be required before the proposed packages can be let into -updates.
The OpenStack team will be in charge of attaching the output summary of the executed tests. The OpenStack team members will not mark ‘verification-done’ until this has happened.
[Regression Potential]
In order to mitigate the regression potential, the results of the
aforementioned tests are attached to this bug.
[Upstream release announcement]
V15.2.12 OCTOPUS
This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release.
CHANGELOG
mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar)
mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard XSS via token cookie, Ernesto Puerta)
rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531: Swift API denial of service, Felix Huettner)
rgw: sanitize r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524: HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley) |
|
2021-05-21 09:07:25 |
James Page |
description |
[Impact]
This release fixes several bugs. We would like to make sure all of our users have access to these improvements.
The update contains the following package updates:
* ceph 15.2.11
[Test Case]
The following SRU process was followed:
https://wiki.ubuntu.com/OpenStackUpdates
In order to avoid regression of existing users, the OpenStack team will run their continuous integration test against the packages that are in -proposed. A successful run of all available tests will be required before the proposed packages can be let into -updates.
The OpenStack team will be in charge of attaching the output summary of the executed tests. The OpenStack team members will not mark ‘verification-done’ until this has happened.
[Regression Potential]
In order to mitigate the regression potential, the results of the
aforementioned tests are attached to this bug.
[Upstream release announcement]
V15.2.12 OCTOPUS
This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release.
CHANGELOG
mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar)
mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard XSS via token cookie, Ernesto Puerta)
rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531: Swift API denial of service, Felix Huettner)
rgw: sanitize r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524: HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley) |
[Impact]
This release fixes several bugs. We would like to make sure all of our users have access to these improvements.
The update contains the following package updates:
* ceph 15.2.12
[Test Case]
The following SRU process was followed:
https://wiki.ubuntu.com/OpenStackUpdates
In order to avoid regression of existing users, the OpenStack team will run their continuous integration test against the packages that are in -proposed. A successful run of all available tests will be required before the proposed packages can be let into -updates.
The OpenStack team will be in charge of attaching the output summary of the executed tests. The OpenStack team members will not mark ‘verification-done’ until this has happened.
[Regression Potential]
In order to mitigate the regression potential, the results of the
aforementioned tests are attached to this bug.
[Upstream release announcement]
V15.2.12 OCTOPUS
This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release.
CHANGELOG
mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar)
mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard XSS via token cookie, Ernesto Puerta)
rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531: Swift API denial of service, Felix Huettner)
rgw: sanitize r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524: HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley) |
|
2021-05-21 09:07:41 |
James Page |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2021-05-21 09:08:16 |
James Page |
bug task added |
|
cloud-archive |
|
2021-05-21 09:08:25 |
James Page |
nominated for series |
|
cloud-archive/ussuri |
|
2021-05-21 09:08:25 |
James Page |
bug task added |
|
cloud-archive/ussuri |
|
2021-05-21 09:08:31 |
James Page |
cloud-archive: status |
New |
Invalid |
|
2021-05-21 09:08:34 |
James Page |
cloud-archive/ussuri: status |
New |
Triaged |
|
2021-05-21 09:08:36 |
James Page |
cloud-archive/ussuri: importance |
Undecided |
High |
|
2021-06-24 20:13:39 |
Steve Beattie |
ceph (Ubuntu Focal): assignee |
|
Steve Beattie (sbeattie) |
|
2021-06-24 20:13:41 |
Steve Beattie |
ceph (Ubuntu Groovy): assignee |
|
Steve Beattie (sbeattie) |
|
2021-06-24 23:45:42 |
Launchpad Janitor |
ceph (Ubuntu Groovy): status |
Triaged |
Fix Released |
|
2021-06-24 23:45:44 |
Launchpad Janitor |
ceph (Ubuntu Focal): status |
Triaged |
Fix Released |
|
2021-06-28 08:36:40 |
James Page |
cloud-archive/ussuri: status |
Triaged |
Fix Committed |
|
2021-06-28 08:36:41 |
James Page |
tags |
|
verification-ussuri-needed |
|
2021-07-06 12:49:49 |
James Page |
tags |
verification-ussuri-needed |
verification-ussuri-done |
|
2021-07-06 12:51:56 |
James Page |
cloud-archive/ussuri: status |
Fix Committed |
Fix Released |
|
2021-10-11 13:53:01 |
Frank Villaro |
bug |
|
|
added subscriber Frank Villaro |